Role-Based Access Control (RBAC)
Access control extended to Blameless for Slack
As a result of newly-introduced RBAC roles under IAM, Blameless has now extended access control from the platform into Slack. These enhancements empower teams to consistently align Blameless’s platform and Slack incidents with least privilege policies.
Key features include:
- Users can assign new incident roles that map to controls in both the Blameless platform and Slack.
- Three distinct roles are created automatically for each custom incident type, enabling users to effectively isolate access permissions by incident type (Incident Reader, Incident Writer, and Incident Admin).
- The new Incident Reader role allows users to do more within incidents (e.g., such as completing tasks and follow-up actions).
- Permissions are enforced via the Blameless web UI and Blameless APIs.
- Role to Slack Command mapping:
- Incident Reader:
- View Your Tasks
- View All Tasks
- Complete Your Tasks
- Show Tag(s)
- Show On-Call
- Show Escalation Policy
- Help - Commands (show)
- All Emoji usage in channel
- Incident Writer:
- All Reader items, plus:
- Create Incident
- Assign Incident Role
- Resolve Incident
- Set Incident Status
- Set Incident Severity
- Set Incident Title
- Set Incident Description
- Add Task
- Assign Task
- Create Follow Up Action
- Create Swimlane
- Add Tag(s)
- Remove Tag
- Trigger Alert to On-Call (PagerDuty)
- Includes Invite to On-Call
- Incident Admin:
- All Reader and Writer items, plus:
- Delete Incident
- Incident Reader:
New customizable Slack incident channel naming option
Blameless has introduced additional flexibility to customize incident channel names in Slack via custom text (e.g., team name) and dynamic insertion of Blameless incident data into the channel name.
This option provides incident responders with more meaningful and descriptive names for incident channels in Slack. This enables responders to find urgent incidents more efficiently by aligning incidents with existing naming conventions.
Configurable as a new option for the
incident channel naming scheme setting under each incident type, you can now specify the syntax of your incident channel names in Slack through a combination of custom text and variables. The variables represent common incident data and can be specified in any order.
They include the following:
- Incident creation date
- Incident title
- Incident severity
- Incident status
- Incident ID
Additionally, as the incident progresses or if its title changes, Blameless automatically updates the incident channel name to reflect the latest state of the selected variables (e.g., status changing from investigating to monitoring).
Auto invite for multiple Slack users fails if any invitation to a user fails
When auto-inviting multiple users into an incident channel in Slack (Settings → Incident Types → Manage → Invited Slack Groups or Users), the request could fail for all users if at least one invitee was not recognized as a user in your Slack workspace.
Blameless detects and ignores auto-invited Slack users that do not exist (or no longer exist) in your Slack workspace. All other Slack users from the list of auto-invited Slack users that do exist in your Slack workspace will be invited to join the incident channel in Slack.
Unable to save updated Jira settings
After updating Jira settings for an incident type (Settings → Incident Types → Manage → JIRA Settings), users were unable to save their updates. Additionally, it would delete all the tasks from the checklist configuration under the same incident type setting.
Updates made to Jira settings for an incident type can now be properly saved and do not delete the tasks from the checklist.
Events are duplicated when entered manually via the incident detail page
When manually entering events to the incident timeline via the incident detail page in the Blameless web UI, the event would be duplicated in the incident timeline. Users could still manually delete one of the two events from the incident timeline.
Events added manually via the incident detail page are no longer duplicated, whether captured as text or via image upload.